2016-01-21 28 views
1

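I'm trying to configure rsyslog TLS with RELP, but I keep getting errors. I'm using rsyslog 8.15 on RHEL 7.2. I managed to send messages using relp + tls, but without certificates. When I added the certificates, I got the following error: rsyslogd-2291: imrelp: could not activate relp listner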

Jan 20 11:00:17 ip-10-0-0-114 rsyslogd-2353: imrelp[514]: error 'Failed to set certificate trust files [gnutls error -64: Error while reading file.]', object 'lstn 514' - input may not work as intended [v8.15.0 try http://www.rsyslog.com/e/2353 ]
Jan 20 11:00:17 ip-10-0-0-114 rsyslogd-2291: imrelp: could not activate relp listner, code 10031 [v8.15.0 try http://www.rsyslog.com/e/2291 ]

Server conf:

module(load="imrelp" ruleset="relp") 

input(type="imrelp" port="514" tls="on" 
tls.caCert="/home/ec2-user/rsyslog/ca.pem" 
tls.myCert="/home/ec2-user/rsyslog/server-cert.pem" 
tls.myPrivKey="/home/ec2-user/rsyslog/server-key.pem" 
tls.authmode="name" 
tls.permittedpeer=["client.example.co"] 
) 

ruleset(name="relp") { 
action(type="omfile" file="/var/log/relptls2") 
} 

Here is the client configuration:

module(load="omrelp") 

action(type="omrelp" target="10.0.0.114" port="514" tls="on" 
tls.caCert="/home/ec2-user/rsyslog/ca.pem" 
tls.myCert="/home/ec2-user/rsyslog/client-cert.pem" 
tls.myPrivKey="/home/ec2-user/rsyslog/client-key.pem" 
tls.authmode="name" 
tls.permittedpeer=["server.example.co"] 
) 

When I removed the TLS certificate fields from the server configuration, I got this error on the client:

Jan 20 10:35:29 ip-10-0-0-206 rsyslogd-2353: omrelp[10.0.0.114:514]: error 'Failed to set certificate trust file [gnutls error -64: Error while reading file.]', object 'conn to srvr 10.0.0.114:514' - action may not work as intended [v8.15.0 try http://www.rsyslog.com/e/2353 ]

Help would be really appreciated, as I have been stuck for a long time. Thanks!

Answers

0

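The "gnutls error -64: Error while reading file" error message means:

  1. The actual path of the certificate is different from what is in the configuration file
  2. The rsyslog service cannot read the certificate because of a permission problem

In case of a permission problem, you can move the certificates under /etc/rsyslog.d. In case of a certificate path problem, just fix the path :)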
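
Both causes named in the answer can be checked directly against the configuration file. The script below is an added example, not part of the original question or answer: a POSIX shell function that extracts every tls.caCert, tls.myCert and tls.myPrivKey path from a config file and reports which ones are missing or unreadable for the user running it. The function names `check_tls_files` and `blocked_dir` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): report, for every TLS file
# parameter in an rsyslog config, whether the current user can open the file.
# Run it as the account rsyslogd runs under; results for any other user say
# nothing about the daemon. Only file existence and POSIX permissions are
# tested; other access controls on the host are not evaluated here.

# Print the outermost ancestor directory of $1 that cannot be traversed.
blocked_dir() {
    d=$(dirname "$1"); blocked=
    while [ "$d" != "/" ] && [ "$d" != "." ]; do
        if [ -d "$d" ] && [ ! -x "$d" ]; then blocked=$d; fi
        d=$(dirname "$d")
    done
    printf '%s' "$blocked"
}

# Print one "STATUS parameter path" line per tls.caCert/tls.myCert/tls.myPrivKey
# found in config file $1; return 1 if any file would trigger the read error.
check_tls_files() {
    grep -oiE 'tls\.(cacert|mycert|myprivkey)="[^"]*"' "$1" | tr -d '"' | (
        rc=0
        while IFS='=' read -r param path; do
            dir=$(blocked_dir "$path")
            if [ -n "$dir" ]; then
                echo "NO_TRAVERSE $param $path (blocked at $dir)"; rc=1
            elif [ ! -e "$path" ]; then
                echo "MISSING $param $path"; rc=1      # cause 1: wrong path
            elif [ ! -f "$path" ] || [ ! -r "$path" ]; then
                echo "UNREADABLE $param $path"; rc=1   # cause 2: permissions
            else
                echo "OK $param $path"
            fi
        done
        exit "$rc"
    )
}

# Usage: sh check_tls_files.sh /etc/rsyslog.conf
if [ "$#" -gt 0 ]; then check_tls_files "$1"; fi
```

A NO_TRAVERSE result points at a parent directory rather than the certificate file itself, which is the usual situation when certificates are kept under a user's home directory.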